Actions to perform during automatic rule generation

To configure the actions that Kaspersky Security for Windows Server while the Rule Generator for Applications Launch Control task is running:

1. Open the Properties: Rule Generator for Applications Launch Control window.
2. Open the Options tab.
3. In the While generating allowing rules section, configure the following settings:
   • Use digital certificate
     

     If this option is selected, the presence of a digital certificate is specified as a rule-triggering criterion in the settings of the newly generated allowing rules for Applications Launch Control. The application will now allow start of programs launched using files with a digital certificate. We recommend this option if you want to allow the start of any applications that are trusted in the operating system.

     This option is selected by default.

   • Use digital certificate subject and thumbprint
     

     The check box enables or disables the use of the subject and thumbprint of the file's digital certificate as a criterion for triggering the allowing rules for Applications Launch Control. Selecting this check box lets you specify stricter digital certificate verification conditions.

     If this check box is selected, the subject and thumbprint values of the digital certificate of files for which the rules are generated are set as a criterion for triggering the allowing rules for Applications Launch Control. Kaspersky Security for Windows Server will allow applications that are launched using files with the specified thumbprint and digital certificate.

     Selecting this check box highly restricts the triggering of allowing rules based on a digital certificate because a thumbprint is a unique identifier of a digital certificate and cannot be forged.

     If this check box is cleared, the existence of any digital certificate that is trusted in the operating system is set as a criterion for triggering the allowing rules for Applications Launch Control.

     This check box is active if the Use digital certificate option is selected.

     The check box is selected by default.

   • If the certificate is missing, use
     

     This is a drop-down list that allows you to select the criterion for triggering an allowing rule for Applications Launch Control if the file used to generate the rule, has no digital certificate.

     • SHA256 hash. The checksum of the file used to generate the rule is set as a criterion for triggering the allowing rule for Applications Launch Control. The application will allow start of programs launched using files with the specified checksum.
     • path to file. The path to the file used to generate the rule is set as a criterion for triggering the allowing rule for Applications Launch Control. The application will now allow start of programs launched using files located in the folders specified in the Create allowing rules for applications from the folders table in the Settings section.
   • Use SHA256 hash
     

     If this option is selected, the checksum of the file used to generate the rule is specified as a rule-triggering criterion in the settings of the newly generated allowing rules for Applications Launch Control. The application will allow start of programs launched using files with the specified checksum.

     We recommend this option for cases when the generated rules must achieve the highest level of security: a SHA256 checksum may be used as a unique file ID. Using a SHA256 checksum as a rule-triggering criterion restricts the rule usage scope to one file.

   • Generate rules for user or group of users.
     

     This is a field that displays a user or group of users. The application will control any applications run by the specified user or group of users.

     The default selection is Everyone.

4. Click OK.

The specified settings are saved.